Forum Discussion

Nimbostratus

Feb 10, 2010

Is this a bad idea...

Hi guys Curious on your thoughts on this please? We traditionally have a setup where we may have web application servers and database servers in our corporate network. ...

config

design

hooleylist

Cirrostratus

Feb 10, 2010

Hi Anthony,

Without native character and path normalization functionality (or user-defined functions?) in iRules, I don't think it's a good idea to try to use iRules to perform HTTP security validation. It's quite simple to bypass most iRule URI validation with encoding/directory traversal attacks. See this post for details:

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=3090031324

ASM can definitely provide good validation and protection. But I don't think iRules should be depended on for now for this scenario.

Aaron

Forum Discussion

Is this a bad idea...

Recent Discussions

Errors in setup of BIGIP-NEXT CM VE on KVM

SEEK ADVICE FROM WEB BAILIFF CONTRACTOR ON STOLEN CRYPTO

AS3 Deployments (shared objects)

rSeries and tenant upgrades

iRule interpretation assistance

Related Content

Arabic Blackboard F5 series [LTM Idea] باللغة العربية

502 Bad Gateway Error

CPU vulns, LoopDOS, AI worms and Bad Bots - March 18th - 24th - This Week in Security

F5 CES protects the security of K8s egress traffic with the idea of fusion

Increasing accuracy using Bad Actor and Attacked Destination detection